HOME AND HOME OFFICE BLOG
 

Password Best Practices

Often the disclosure of a password is no fault of our own but rather the result of a website or application compromise. Use these tips to develop a password management strategy that will dramatically decrease your overall risk if any one of your passwords is compromised. Hopefully the next time you have to create a strong password it won’t take nearly as long to think up something secure.

Password best practices:

 

1. Don’t use Personally Identifiable Information (PII) in your password, such as:

  • Name
  • User name
  • Birthday
  • Pet’s name
  • Child’s name
  • Alma mater
  • Hobby keyword

2. Don’t use any word that can be found in the dictionary as your full password

3. Don’t use the same password for online banking that you use for social networking or email

4. Don’t give your password to someone over the phone

5. Try to use special characters, i.e. characters that are not letters or digits

6. Try to create passwords with at least eight characters

7. Try to use a password vault application to protect and help manage your many passwords

8. Try to change your most critical passwords on a regular basis

Tips for managing passwords:

 

A cardinal sin with passwords is reusing the same password in both public and private applications. Yet sometimes creating a different password for every website and every application can be problematic. If this does not work for you here is a tip to reduce the number of passwords while retaining some level of logical separation.

Group sites and applications into different categories such as:

  • Private - online banking
  • Personal - email accounts
  • Public - social networking
  • Business - corporate email, web, and VPN access

Create a password for each category.

 

This control limits the impact if one of the passwords is compromised.

Choosing the password string:

 

Some of us are quite creative when thinking of passwords and others of us need some help. Here are some possible strategies for creating your passwords:

  • Think of a phrase, quote, or song verse and select the first character of each word to create a password.

“In the middle of a difficulty lies opportunity.” translates to “Itmoadlo.”

  • Passwords are often case sensitive and here we’ve used a capital “I” just like the start of the sentence.
  • Vowels can be replaced with numbers to add entropy

“Itmoadlo.” translates to “1tm0adl0.”

  • Punctuation is a good way to add entropy to your passwords as well as a little length. Note the use of the period punctuation mark in the password above.

It is important to realize that the above strategy results in a password that is better than average but can still be guessed in time using today’s powerful computers. The key is to establish your own unique password creation pattern and ensure the password is of sufficient length. Password length is the most important factor in creating passwords.

Add length and in turn strength to your passwords

  • Create a unique string that you can prefix or append to your passwords such as:

prefix string + password = stronger password

tdr0cks! + itm0adl0. = tdr0cks!itm0adl0.

tdr0cks! + torvt11. = tdr0cks!torvt11.

 

The prefix string can be the same for all your passwords, which makes it easier to remember. However, the core password must be different for each website, application, or category. Also, the prefix string must not be a single character, as it is common practice to brute force passwords using ! or 1 as the first or last character.

  • Use common but unrelated words

If the above strategies still look too cumbersome, one can simply think of 4 or 5 unrelated yet common words and concatenate them to create a password.

princess + toast + finance + captain = princesstoastfinancecaptain

The key to this common word strategy is picking unrelated words and building a sufficiently long password. It’s the length that really increases the password strength. Lastly, it is recommended that these strategies be combined with the use of a password vault application to securely store your passwords.
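The strategies above (acrostic from a phrase, vowel substitution, a shared prefix string, and concatenated common words), implemented as an added example that is not part of the original post. It also attaches a rough strength estimate to each result to illustrate the post’s point that length matters more than substitutions; the two estimators, the 10,000-word vocabulary figure and the small sample dictionary are assumptions made for this demonstration.

```python
"""Password construction strategies from the post, with rough strength
estimates. Added example, not the post's own code; estimators and the
sample dictionary are assumptions."""
import math
import re

# Substitutions shown in the post: i -> 1, o -> 0 (applied to both cases).
VOWEL_MAP = {"i": "1", "o": "0", "I": "1", "O": "0"}

# Tiny constructed word list standing in for a real dictionary (assumption).
SAMPLE_DICTIONARY = {"princess", "toast", "finance", "captain", "password",
                     "welcome", "dragon", "summer", "monkey", "letmein"}


def acrostic(phrase: str) -> str:
    """First character of each word, keeping the phrase's trailing punctuation."""
    words = re.findall(r"[A-Za-z0-9']+", phrase)
    core = "".join(w[0] for w in words)
    trailing = re.search(r"[^\w\s]+$", phrase.strip())
    return core + (trailing.group(0) if trailing else "")


def substitute_vowels(password: str) -> str:
    """Replace the vowels the post maps to digits; other characters unchanged."""
    return "".join(VOWEL_MAP.get(ch, ch) for ch in password)


def with_prefix(prefix: str, core: str) -> str:
    """The post's 'prefix string + password'; a one-character prefix is rejected."""
    if len(prefix) < 2:
        raise ValueError("prefix string must be longer than one character")
    return prefix + core


def word_passphrase(words) -> str:
    """Concatenate unrelated common words into one password."""
    return "".join(words)


def charset_bits(password: str) -> float:
    """Naive estimate: length * log2(alphabet size), assuming the attacker
    knows nothing about the construction pattern (assumption)."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^A-Za-z0-9]", password):
        size += 33
    return len(password) * math.log2(size) if size else 0.0


def word_model_bits(n_words: int, dictionary_size: int = 10_000) -> float:
    """Estimate when the attacker knows the 'N common words' pattern and the
    rough vocabulary size (10,000 words is an assumption)."""
    return n_words * math.log2(dictionary_size)


def rule_violations(password: str, pii_terms, dictionary=SAMPLE_DICTIONARY):
    """Check a candidate against the post's rules 1 (no PII), 2 (not a
    dictionary word as the full password) and 6 (at least eight characters)."""
    problems = []
    low = password.lower()
    if any(term.lower() in low for term in pii_terms if term):
        problems.append("contains personal information")
    if low in dictionary:
        problems.append("is a dictionary word")
    if len(password) < 8:
        problems.append("shorter than eight characters")
    return problems


if __name__ == "__main__":
    phrase = "In the middle of a difficulty lies opportunity."
    step1 = acrostic(phrase)                       # Itmoadlo.
    step2 = substitute_vowels(step1)               # 1tm0adl0.
    step3 = with_prefix("tdr0cks!", "itm0adl0.")   # tdr0cks!itm0adl0.
    words = word_passphrase(["princess", "toast", "finance", "captain"])
    for label, pw in (("acrostic", step1), ("substituted", step2),
                      ("prefixed", step3), ("common words", words)):
        print(f"{label:13} {pw:30} ~{charset_bits(pw):5.1f} bits (charset model)")
    print(f"common words, pattern known: ~{word_model_bits(4):.1f} bits")
    print("rule check for 'toast':", rule_violations("toast", ["Rex", "1985"]))
```

Note that the vowel substitution alone does not raise the charset-model estimate (it trades an uppercase letter for digits), while the prefix and the word concatenation raise it substantially because they add length.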

 

*All passwords documented here are provided for illustrative purposes, and as they are now public their use is contraindicated.

Half of Fortune 500s, US Govt. Still Infected with DNSChanger Trojan

More than two months after authorities shut down a massive Internet traffic hijacking scheme, the malicious software that powered the criminal network is still running on computers at half of the Fortune 500 companies, and on PCs at nearly 50 percent of all federal government agencies, new research shows.


The malware, known as the “DNSChanger Trojan,” quietly alters the host computer’s Internet settings to hijack search results and to block victims from visiting security sites that might help scrub the infections. DNSChanger frequently was bundled with other types of malware, meaning that systems infected with the Trojan often also host other, more nefarious digital parasites.

In early November, authorities in Estonia arrested six men suspected of using the Trojan to control more than four million computers in over 100 countries — including an estimated 500,000 in the United States. Investigators timed the arrests with a coordinated attack on the malware’s infrastructure. The two-pronged attack was intended to prevent miscreants from continuing to control the network of hacked PCs, and to give Internet service providers an opportunity to alert customers with infected machines.

But that cleanup process has been slow-going, according to at least one security firm. Internet Identity, a Tacoma, Wash. company that sells security services, found evidence of at least one DNSChanger infection in computers at half of all Fortune 500 firms, and 27 out of 55 major government entities.

“Yes, there are challenges with removing this malware, but you would think people would want to get this cleaned up,” said Rod Rasmussen, president and chief technology officer at Internet Identity. “This malware was sometimes bundled with other stuff, but it also turns off antivirus software on the infected machines and blocks them from getting security updates from Microsoft.”

Computers still infected with DNSChanger are up against a countdown clock. As part of the DNSChanger botnet takedown, the feds secured a court order to replace the Trojan’s DNS infrastructure with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web.

Rasmussen said there are still millions of PCs infected with DNSChanger. “At this rate, a lot of users are going to see their Internet break on March 8.”

Tom Grasso Jr., an FBI supervisory agent at the National Cyber Forensics & Training Alliance in Pittsburgh, Pa., said the DNSChanger Working Group — the industry and law enforcement coalition that’s handling the remediation — has been discussing what to do about the upcoming deadline, but he declined to offer specifics.

“We’re certainly exploring all different options to minimize whatever impact there’s going to be on a lot of people,” Grasso said.

Even if the DNS Changer working group manages to get the deadline extended, the cleanup process will likely take many years. At least, that’s been the experience of the Conficker Working Group, a similar industry consortium that was created to help contain and clean up infections from the infamous Conficker Worm. That working group was formed in 2009, yet according to the group’s latest statistics, nearly 3 million systems remain infected with Conficker.

Given the Conficker Working Group’s experience, shutting down the surrogate DNS network on March 8 may actually be a faster — albeit more painful — way to clean up the problem.

“I’m guessing a lot more people would care at that point,” Rasmussen said. “It certainly would be an interesting social experiment if these systems just got cut off.”

Individuals in charge of a large network can learn if any systems are infected with DNSChanger by sending a request to one of the members of the DNS Changer Working Group. Home users can avail themselves of step-by-step instructions at this link to learn of possible DNSChanger infections.

 

 

‘MegaSearch’ Aims to Index Fraud Site Wares

A new service aims to be the Google search of underground Web sites, connecting buyers to a vast sea of shops that offer an array of dodgy goods and services, from stolen credit card numbers to identity information and anonymity tools.


A glut of data breaches and stolen card numbers has spawned dozens of stores that sell the information. The trouble is that each shop requires users to create accounts and sign in before they can search for cards.

Enter MegaSearch.cc, which lets potential buyers discover which fraud shops hold the cards they’re looking for without having to first create accounts at each store. This free search engine aggregates data about compromised payment cards, and points searchers to various fraud shops selling them.

According to its creator, the search engine does not store the compromised card numbers or any information about the card holders. Instead, it works with card shop owners to index the first six digits of all compromised account numbers that are for sale. These six digits, also known as the “Bank Identification Number” — or BIN — identify which bank issued the cards. Searching by BIN, MegaSearch users are given links to different fraud shops that are currently selling cards issued by the corresponding bank.

I first read about this offering in a blog post by RSA Fraud Action Research Labs. It didn’t take much time poking around a few hacker boards to find the brains behind MegaSearch pitching his idea to the owners of different fraud shops. He agreed to discuss his offering with me via instant message, using the search service as his screen name.

“I’m standing on a big startup that is going to be [referred to as] the ‘underground Google,’” MegaSearch told me. “Many users spend a lot of time looking [through] shops, and I thought why not make that convenient?”

The service currently indexes compromised BINs from five different card shops, although he said several more shops are close to completing their integration with MegaSearch. He acknowledged garnering a small advertising fee for each relationship, although he repeatedly declined to discuss the particulars of those arrangements. But he said both sides benefit: stolen card data grows less reliable with age, and fraud shops that are indexed by MegaSearch stand a better chance of clearing their inventory faster, the hacker argues.


MegaSearch said that when his site first launched at the end of 2011 and began indexing the five card shops he’s now tracking, those shops had some 360,000 compromised accounts for sale, collectively. Since then, those shops have moved more than 200,000 cards. The search engine currently has indexed 352,000 stolen account numbers that are for sale right now in the underground.

According to BIN search stats published on the site, Citibank cards are the most sought-after, followed by cards issued by FIA Card Services, Capital One and Chase.

In the coming weeks, he said, the site will include new features that index other types of criminal wares, including Social Security numbers and proxies — addresses of hacked PCs that paying clients can use as a relay to anonymize their online communications.

“I’m about to add more services to that site that would help newbie underground, including proxies, stolen identity information, etc.,” MegaSearch told me. “I’m also going to add a survey [to rate] the best shop.”

2011 has been called the Year of the Data Breach. If services like MegaSearch are indicative of a trend, 2012 may well become known as the year the criminal underground started getting a clue about how to better index and use all of its stolen data.

 

 

 

 

Nigerian Email Scam Promises $10.5 Million from Hillary Clinton


Secretary of State Hillary Rodham Clinton with then-Nigerian Foreign Minister Henry Odein Ajumogobia in Washington, D.C. in August 2010. Credit: U.S. State Department

You’ve got to hand it to Nigerian email fraudsters — they are nothing if not persistent.

In their latest campaign to fool extraordinarily gullible people that they are due an inheritance, and that a bank in the West African nation is ready to hand over enormous sums of money, no questions asked, Nigerian scammers have begun sending emails that claim to be from U.S. Secretary of State Hillary Clinton, the security firm AppRiver reported.

As a U.S.-government official, Mrs. Clinton, the emails say, endorses the Central Bank of Nigeria in its effort to deposit $10.5 million into the recipient’s bank account. To receive the money, the email, which is signed by Clinton, instructs people to contact the Nigerian bank’s ATM-Card Department, which will give further information as to how to claim an ATM card that entitles its holder to withdraw $10,000 per day.

The text of the email is not visible at first, but rather it’s included as an attached .ZIP file. This is a tactic Nigerian scammers have recently been deploying as a way of subverting anti-spam software designed to detect these types of scams, which are very common, and always promise some sort of multi-million-dollar entitlement from a Nigerian bank or government official.

As a steadfast rule, immediately delete any unsolicited, suspicious-looking email that promises a bundle of money from a Nigerian bank. In fact, any time you receive an email offer promising money or gifts, ignore it. If someone approached you out of the blue on the street and promised you $10.5 million, you’d naturally think that person was suspicious. The online street should be no different.

Adobe, Microsoft Issue Critical Security Fixes

Adobe and Microsoft today each issued software fixes to tackle dangerous security flaws in their products. If you use Acrobat, Adobe Reader or Windows, it’s time to patch.


Microsoft released seven security bulletins addressing at least eight vulnerabilities in Windows. The lone “critical” Microsoft patch addresses a pair of bugs in Windows Media Player. Microsoft warns that attackers could exploit these flaws to break into Windows systems without any help from users; the vulnerability could be triggered just by browsing to a site that hosts specially crafted video content.

The other Windows patches earned a less severe “important” rating from Microsoft, although not everyone agrees with that assessment. Symantec’s Joshua Talbot said another bug fixed today — a glitch in the way Windows handles Microsoft Office files — is potentially more dangerous because it appears to be easier to exploit than the Media Player flaw.

“The vulnerability is due to an oversight that allows an attacker to run malware as soon as a user opens a Word or PowerPoint file,” Talbot said. “Email attachments will probably be the most common attack method in which this vulnerability is exploited. As usual, we strongly recommend users only open email attachments from people they know.”

More information on the other patches Microsoft released today is available here.


On Dec. 29, Microsoft issued an out-of-band update to address a flaw in ASP.Net that could allow an attacker to force a user to visit a malicious web site. The vulnerability affects all versions of the .NET Framework on Windows XP and later versions of Windows. If you use Windows and see a .NET Framework patch awaiting your approval in Windows Update this month, don’t neglect it.

In a separate release, Adobe pushed out security updates for Adobe Reader and Acrobat. At the forefront of the Adobe patch batch is a fix for a zero-day flaw in Acrobat and Reader that Adobe first warned about in early December. Shortly after that warning, Adobe issued a fix for the flaw in Reader 9.x and Acrobat 9.x, but said it would wait until today (its scheduled, quarterly update) to address it in the new Reader X and Acrobat X versions of the software. Adobe recommends that users of Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1.2). Updates are available for Windows and Mac versions of these titles; see the Adobe advisory for the patch download links.

 

New Tools Bypass Wireless Router Security

Security researchers have released new tools that can bypass the encryption used to protect many types of wireless routers. Ironically, the tools take advantage of design flaws in a technology pushed by the wireless industry that was intended to make the security features of modern routers easier to use.

 


At issue is a technology called “Wi-Fi Protected Setup” (WPS) that ships with many routers marketed to consumers and small businesses. According to the Wi-Fi Alliance, an industry group, WPS is “designed to ease the task of setting up and configuring security on wireless local area networks. WPS enables typical users who possess little understanding of traditional Wi-Fi configuration and security settings to automatically configure new wireless networks add new devices and enable security.”

Setting up a home wireless network to use encryption traditionally involved navigating a confusing array of Web-based menus, selecting from a jumble of geeky-sounding and ill-explained encryption options (WEP, WPA, WPA2, TKIP, AES), and then repeating many of those procedures on the various wireless devices the user wants to connect to the network. To make matters worse, many wireless routers come with little or no instructions on how to set up encryption.

Enter WPS. Wireless routers with WPS built-in ship with a personal identification number (PIN – usually 8 digits) printed on them. Using WPS, the user can enable strong encryption for the wireless network simply by pushing a button on the router and then entering the PIN in a network setup wizard designed to interact with the router.

But according to new research, routers with WPS are vulnerable to a very basic hacking technique: The brute-force attack. Put simply, an attacker can try thousands of combinations in rapid succession until he happens on the correct 8-digit PIN that allows authentication to the device.

One way to protect against such automated attacks is to disallow authentication for a specified amount of time after a certain number of unsuccessful attempts. Stefan Viehböck, a freelance information security researcher, said some wireless access point makers implemented such an approach. The problem, he said, is that most of the vendors did so in ways that make brute-force attacks slower, but still feasible.

Earlier today, Viehböck released on his site a free tool that he said can be used to duplicate his research and findings, detailed in this paper (PDF). He said his tool took about four hours to test all possible combinations on TP-Link and D-Link routers he examined, and less than 24 hours against a Netgear router.

“The Wi-Fi alliance members were clearly opting for usability” over security, Viehböck said in an instant message conversation with KrebsOnSecurity.com. “It is very unlikely that nobody noticed that the way they designed the protocol makes a brute force attack easier than it ever should.”

Separately, Craig Heffner, a researcher with Columbia, Md. based security consultancy Tactical Network Solutions, has released an open-source tool called “Reaver” to attack the same vulnerability. Heffner notes that once an attacker has successfully guessed the WPS PIN, he can instantly recover the router’s encryption passphrase, even if the owner changes the passphrase. In addition, he warns, “access points with multiple radios (2.4/5GHz) can be configured with multiple WPA keys. Since the radios use the same WPS pin, knowledge of the pin allows an attacker to recover all WPA keys.”

 


 

The important thing to keep in mind with this flaw is that devices with WPS built-in are vulnerable whether or not users take advantage of the WPS capability in setting up their router. Also, routers that include WPS functionality are likely to have this feature turned on by default.

First the good news: Blocking this attack may be as simple as disabling the WPS feature on your router. The bad news is that it may not be possible in all cases to do this.

In an advisory released on Dec. 27, the U.S. Computer Emergency Readiness Team (US-CERT) warned that “an attacker within range of the wireless access point may be able to brute force the WPS PIN and retrieve the password for the wireless network, change the configuration of the access point, or cause a denial of service.” The advisory notes that products made by a number of vendors are impacted, including Belkin, Buffalo, D-Link, Linksys, Netgear, TP-Link and ZyXel.

Viehböck said none of the router makers appear to have issued firmware updates to address the vulnerability. The US-CERT advisory makes no mention of updates from hardware vendors. The advisory also says little about which models may be affected, but if your router has a “WPS PIN” notation on its backside, then it shipped with this WPS feature built-in.

 

‘Highly Critical’ Windows Flaw Puts Safari Surfers in Danger

 

Microsoft Windows 7 harbors a serious vulnerability that puts people browsing the Web on Safari in danger of having their computers compromised.

In an advisory, the security firm Secunia warned that the “highly critical” memory corruption flaw could allow a remote attacker to gain access to a target’s Windows 7 system and execute malicious code with kernel-level privileges.

The port of entry for the hack is Apple’s popular Web browser, Safari; by crafting a rigged iFrame — a line of code inserted into a Web page that loads data from another site — an attacker could launch the takeover. There is currently “no effective solution” for the flaw, Secunia wrote.

To keep yourself protected against this type of mass-injection attack, as it is called, make sure you run strong, up-to-date anti-virus software on your computer, and supplement it with a threat-detecting and eliminating anti-malware program.

Trojan Tricks Victims Into Transferring Funds

It’s horrifying enough when a computer crook breaks into your PC, steals your passwords and empties your bank account. Now, a new malware variant uses a devilish scheme to trick people into voluntarily transferring money from their accounts to a cyber thief’s account.


The German Federal Criminal Police (the “Bundeskriminalamt” or BKA for short) recently warned consumers about a new Windows malware strain that waits until the victim logs in to his bank account. The malware then presents the customer with a message stating that a credit has been made to his account by mistake, and that the account has been frozen until the errant payment is transferred back.

When the unwitting user views his account balance, the malware modifies the amounts displayed in his browser; it appears that he has recently received a large transfer into his account. The victim is told to immediately make a transfer to return the funds and unlock his account. The malicious software presents an already filled-in online transfer form — with the account and routing numbers for a bank account the attacker controls.

The BKA’s advisory isn’t specific about the responsible strain of malware, but it is becoming increasingly common for banking Trojans to incorporate “Web injects,” custom designed plug-ins that manipulate what victims see in their Web browsers.

This attack is an insidious extension of the tactic that was pioneered by the URL Zone Trojan, which specializes in manipulating the balance that victims see when they log into their (cleaned-out) bank accounts.

If you log in to your bank account and see something odd, such as a “down for maintenance” page or an alert about a wayward transfer, your best option is to pick up the phone and call your bank. Make sure you are using the bank’s real phone number: Malware like the ZeuS Trojan has been known to present newly-fleeced victims with messages about problems with the bank’s Web site, along with a bogus customer support phone number.

Facebook Worm Ramnit Steals Log-In Credentials, Tests against Other Services

The latest version of the Ramnit worm steals Facebook credentials and spams friends on the social-networking site to spread itself instead of relying on email, researchers said.


A new variant of the Ramnit worm has managed to steal log-in credentials for several thousand Facebook accounts, according to researchers at Seculert.

The latest Ramnit variant stole more than 45,000 Facebook passwords and tried compromising other accounts belonging to the victims, such as virtual private networks, emails and other Web services, Seculert researchers wrote Jan. 4. By examining the command-and-control server associated with Ramnit, Seculert researchers were able to detect the stolen credentials, most of which were from the United Kingdom and France.

Ramnit was first detected more than 18 months ago and targeted online banking and FTP credentials by infecting HTML files, Office documents and Windows executables, according to a profile published in Microsoft Security Intelligence Report Volume 11. Ramnit variants often abuse the Autorun feature and incorporate social-engineering tricks to con users into helping the malware spread, according to Microsoft. It can steal log-in credentials and browser cookies, as well as open a backdoor to the infected machine.

“Recently, our research lab identified a completely new ‘financial’ Ramnit variant aimed at stealing Facebook log-in credentials,” Seculert wrote.

Trusteer researchers analyzed a Ramnit variant in June and found that it had “morphed” into malware capable of financial fraud. The financial worm exhibited similarities with the Zeus Trojan and was able to use the large infected base of machines to spam users with malicious links, according to Trusteer. The variant found by Seculert appears to be a more recent version targeting social-networking sites, instead.

Attackers are also using the stolen information collected by the newest Ramnit worm to log in to the victims’ accounts and send malicious links to all their friends to help spread the malware, the researchers found.

It appears that cyber-criminals are now experimenting with replacing the old-school email worms with more up-to-date social-network worms, Seculert researchers said. Another worm was detected in November by researchers at Denmark’s CSIS which used a similar method to spread on Facebook.

The Facebook worm stole user credentials and then spammed out malicious links to the victims’ friends. The links led to a supposed photo Website which downloaded a variety of malware on users’ machines, including a variant of the Zeus Trojan.

Malware writers need to communicate with their victims to infect them and further propagate their attacks, Michael Sutton, vice president of security research at Zscaler ThreatLabZ, told eWEEK. Internet users are shifting away from email to communicate on social networks, and malware writers are making the same shift to adopt the victims’ “preferred means of communication,” Sutton said.

While users recognize that email can be easily spoofed and will often ignore suspicious messages, they are less likely to ignore messages sent over Facebook, according to Sutton. “Victims are simply not aware that the ‘trusted’ Facebook account from which the communication was received may itself have already been compromised,” he said.

After stealing the credentials, attackers tested the information to see whether users had reused their passwords on other sites and applications, such as corporate email and Gmail, according to Seculert.

A worm designed to steal from financial institutions has evolved into a social-network threat, John Weinschenk, CEO at Cenzic, told eWEEK. “Bank account numbers and Facebook log-in credentials seem very different, but to hackers, they are equally as lucrative,” Weinschenk said. 

Users need to be vigilant about changing passwords often, avoid clicking on unknown links and alert their friends to a potential malicious link they might have posted, Weinschenk recommended.

Previous Ramnit variants infected more than 800,000 machines in the last five months of 2011, estimated Seculert researchers. A Symantec report from July estimated that Ramnit worm variants accounted for 17.3 percent of all new malicious software infections.

How ‘Grayware’ Threatens Office Computer Networks


 

This is what happens when you install too many add-on browser toolbars. Credit: MDornSeif/Creative Commons

Do you use AOL Instant Messenger at work? How about Dropbox? Do you have “Plants vs. Zombies” installed as an app in your Google Chrome browser? Or a third-party browser search bar?

Odds are that your company’s IT department didn’t specifically authorize the installation of such applications and plug-ins. If that’s the case, then they’re termed “grayware,” and believe it or not,

Grayware applications aren’t actually viruses or other forms of malware. In most cases, they’re common pieces of software that enable real-time communication. Other examples of grayware include messaging apps such as Google Talk or eBuddy, dozens of Twitter add-ons and utilities that track weather or stocks. All are “passive” applications that are fed and updated from a cloud network.

 

Just under the radar, but talking to the whole world

The passive nature of grayware applications lets them often go unnoticed in corporate networks, which partly explains their widespread use by office workers. Recent surveys show that grayware can constitute a substantial percentage of a workplace’s online software.

“Graywares now come in many shapes and sizes,” said Michael Xie, chief technology officer and vice president of engineering at Sunnyvale, Calif.-based firewall manufacturer Fortinet. “It is really hard to differentiate them from normal applications, which is the reason why their proliferation rate [today] is higher than ever.”

For instance, the thousands of add-ons available for Mozilla Firefox and Chrome act like normal applications. But they actually have links established with cloud servers collecting user information and activity trends. If any of those cloud servers are compromised or infected, malware gets a backdoor right into countless corporate networks.

In such situations, conventional anti-virus software and firewalls are mostly unable to minimize vulnerability. Cutting off grayware applications’ Internet access might result in the termination and interruption of other, authorized, Internet-facing applications.

Security applications can easily tell the difference between “white” (safe) and “black” (malicious) software, but they’re still not able to categorize the “grays.” The ambiguity might result in deadly breaches for corporate networks in the coming future.

“In the beginning, we were concerned only about types of viruses, and now we have several different breeds of malicious programs, with each having compound identities,” Xie said. “The thing is that nobody is concerned about their names and classifications anymore. People just want to get rid of them.”

Normally, grayware is not as invasive as malicious Trojans and viruses — it behaves in an entirely different manner. Often, the worst side effect of such software is the gradual installation of small activity-sniffers and spyware programs.

Much grayware comes in the form of add-on browser toolbars that access online third-party services. Their installation requires no approval from network administrators, nor sometimes even the end user.

You might have noticed it yourself: while installing a software update or downloading a package, you get an auto-checked installation dialogue box which, by default, assumes your approval to install browser toolbars and other “adware” alongside the desired software.

But such add-on toolbars often change the home addresses of Web browsers and redirect invalid browsing requests — typos, basically — to optimized Web pages full of spam and cheap ads. In some cases, those Web pages infect visiting computers with malware.

 

Hard to avoid, hard to get rid of

Grayware authors often design their applications without proper uninstall features, making them difficult to remove. The applications also capture and analyze user activity for commercial reasons, which can be seen as a breach of privacy and network security.

Grayware often opens parallel communication channels from the user’s computer, channels that share sensitive information about the user and his company’s network even while he stays on the primary channel.

And grayware applications gradually increase their runtime system-resource consumption, which drastically decreases the efficiency of end-user computers. If even 40 percent of the machines on a corporate network have heavy grayware activity, IT departments may have to do a complete overhaul and re-design of security parameters on workstations.

“Most of the times, these [grayware applications] are unknowingly downloaded by the users, and once they are installed, the system just treats them as a mere unwanted application establishing outside connections,” said Erika Mendoza, threat response engineer at Trend Micro, Inc. “They are made out to be sticky and irritating, but in reality are as dangerous as malwares and spywares.”

 

Seeing in black and white

There’s an old saying among IT professionals that “the only secure computer is one that’s unplugged.” The prevalence of grayware not only confirms that maxim, but also shows how helpless information security can become with rapid technological advancement.

Fortunately, there are ways to avoid the risks of grayware. Be extra-attentive when updating software. Check with your corporate IT department before installing messaging or entertainment applications. And always remember that if someone’s giving away software for free, they’ll usually want something in return.